In the previous blog post we looked at how to detect and prevent URL Redirection. This post covers a closely related vulnerability: the URL Forward (also called an unvalidated forward). A forward happens when your application takes the user to a different page or resource of the same site on the server side, typically based on a parameter supplied by the client.
What is the difference between URL Redirection and Forward?
In short, where the user lands and who does the work. With a redirection the server tells the browser to load another URL (the browser makes a new request and the address bar changes), and that URL can be on any site. With a forward the server itself hands the request to another internal resource and returns that resource's output; the browser never sees the internal path, and the address bar does not change.
Tip: How to identify a redirect?
Server-side redirects can be spotted by the status code: a 3xx response together with a Location header means the application redirected the user to another URL. Test by placing an external URL in the suspect parameter and checking whether the Location header points to it. Note that client-side redirects (a meta refresh tag or a JavaScript location assignment in the page body) come back as 200, so a status-code check alone will miss them; look at the response body as well.
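The check described in the tip above, as an added example that is not code from the original post. It classifies a response as a redirect using the 3xx status plus Location header, and also catches the two client-side forms (meta refresh and a JavaScript location assignment) that a status-code check alone misses. The sample responses and host names (site.example, evil.example) are constructed for the example.

```python
import re
from urllib.parse import urljoin, urlsplit

# Regexes for the two common client-side redirect forms.
_META_REFRESH = re.compile(
    r'<meta[^>]+http-equiv=["\']?refresh["\']?[^>]*'
    r'content=["\']?\s*\d+\s*;\s*url=([^"\'>\s]+)', re.I)
_JS_LOCATION = re.compile(
    r'(?:window\.|document\.)?location(?:\.href)?\s*=\s*["\']([^"\']+)["\']')


def redirect_target(request_url, status, headers, body):
    """Return the absolute destination URL if the response redirects, else None.

    Covers the server-side case (3xx + Location) from the tip, plus meta refresh
    and JavaScript location assignment, which arrive with status 200.
    Relative destinations are resolved against the request URL.
    """
    hdrs = {k.lower(): v for k, v in headers.items()}
    if 300 <= status < 400 and "location" in hdrs:
        return urljoin(request_url, hdrs["location"].strip())
    m = _META_REFRESH.search(body)
    if m:
        return urljoin(request_url, m.group(1))
    m = _JS_LOCATION.search(body)
    if m:
        return urljoin(request_url, m.group(1))
    return None


def is_open_redirect(request_url, status, headers, body, attacker_host):
    """True if the response sends the user to attacker_host (or a subdomain)."""
    target = redirect_target(request_url, status, headers, body)
    if target is None:
        return False
    host = urlsplit(target).hostname or ""
    return host == attacker_host or host.endswith("." + attacker_host)


# Constructed sample responses (not real captures) for a request that put the
# attacker's URL into the "next" parameter of a hypothetical login page.
REQ = "https://site.example/login?next=https://evil.example/"
SAMPLES = {
    # Server-side redirect: the 3xx check from the tip finds this one.
    "server_302": (302, {"Location": "https://evil.example/"}, ""),
    # Client-side meta refresh: status 200, so only the body reveals it.
    "meta_200": (200, {"Content-Type": "text/html"},
                 '<meta http-equiv="refresh" content="0;url=//evil.example/phish">'),
    # JavaScript redirect that stays on-site: a redirect, but not an open one.
    "js_onsite": (200, {"Content-Type": "text/html"},
                  '<script>window.location.href = "https://site.example/home";</script>'),
    # Plain page, no redirect at all.
    "plain": (200, {"Content-Type": "text/html"}, "<h1>Login</h1>"),
}


def classify_samples(attacker_host="evil.example"):
    """Run every sample through the check; returns {name: (target, is_open)}."""
    out = {}
    for name, (status, headers, body) in SAMPLES.items():
        target = redirect_target(REQ, status, headers, body)
        out[name] = (target, is_open_redirect(REQ, status, headers, body, attacker_host))
    return out


if __name__ == "__main__":
    for name, (target, is_open) in classify_samples().items():
        print(f"{name:10s} target={target!r:45s} open_redirect={is_open}")
```

The host comparison is deliberately exact (plus subdomains) rather than a substring match, so a destination like https://site.example/?u=evil.example is not reported as an open redirect.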
How does a Forward threaten the application?
If a function of the application forwards users to different pages within the site, and the parameter that selects the target comes from the client without validation, an attacker can name resources the application never meant to expose. Access control is often enforced only on the entry page, not on the forwarded-to resource, so the forward can reveal sensitive information or reach privileged pages. If the parameter also accepts a full URL, the same flaw turns into a redirection.
Consider the URL above loaded in the browser. The purpose of the nav parameter is to bring the user to the user page, and that page may carry role-based functions or information. An attacker who suspects that nav controls the forward target will try many values in it (other page names, paths to internal resources, encoded variants) to reach more of the application than the intended page.
If the application forwards on that value without validating it, the attacker gains exactly that access, and it will lead to a lot of trouble.
How can this be prevented?
- Validate the parameter before any resource is delivered: map the accepted values to internal resources through an allowlist, then check that the current user is authorised for the target resource, not just for the entry page. Prefer this allowlist over filtering the raw value; blocklist-style filtering is brittle, can break legitimate navigation if a value is mishandled, and is easily bypassed with alternative encodings.
- Most of the URL Redirection prevention techniques from the previous post apply here as well.
- Enforce a clear notification in the application for all redirections that leave the site, such as "Leaving the site, click Continue". This covers the redirect case; a forward never leaves the site, so for forwards the allowlist and authorisation check above are the actual control.
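The prevention steps above, as an added example that is not code from the original post. It models a small server-side dispatcher: the vulnerable handler forwards to whatever resource nav names, so a logged-in user can reach a resource that the entry page's check never covered; the hardened handler maps nav through an allowlist and then authorises the user against the target resource. The resource paths, role names and users are hypothetical, constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset


# Hypothetical internal resource table. Paths under /WEB-INF are reachable only
# via a server-side forward, never by a direct browser request, which is exactly
# why an unvalidated forward is dangerous: it is the only door to them.
RESOURCES = {
    "/pages/user.jsp":    {"required_role": "user",  "body": "user dashboard"},
    "/pages/admin.jsp":   {"required_role": "admin", "body": "admin console"},
    "/WEB-INF/config.jsp": {"required_role": "admin", "body": "internal configuration"},
}

# Allowlist: the only nav tokens the application accepts, mapped to resources.
# The client never supplies a path, only one of these opaque names.
NAV_ALLOWLIST = {
    "home":  "/pages/user.jsp",
    "admin": "/pages/admin.jsp",
}


def forward_unvalidated(nav, user):
    """Vulnerable handler: nav is used as the forward target as-is.

    The entry route checked that the caller is logged in, but nothing checks
    that the caller may see the *target* resource, so any logged-in user can
    name /pages/admin.jsp or /WEB-INF/config.jsp and get its contents.
    """
    if user is None:
        return 401, "login required"
    target = RESOURCES.get(nav)
    if target is None:
        return 404, "not found"
    return 200, target["body"]


def forward_hardened(nav, user):
    """Hardened handler: allowlist the token, then authorise against the target.

    Step 1 rejects anything that is not a known navigation token (no paths,
    no encodings, no external URLs). Step 2 checks the user's role against the
    resource actually being forwarded to, not against the entry page.
    """
    if user is None:
        return 401, "login required"
    path = NAV_ALLOWLIST.get(nav)
    if path is None:
        return 400, "invalid navigation target"
    target = RESOURCES[path]
    if target["required_role"] not in user.roles:
        return 403, "forbidden"
    return 200, target["body"]


# Constructed users for the demonstration.
ALICE = User("alice", frozenset({"user"}))          # ordinary user
ROOT = User("root", frozenset({"user", "admin"}))   # administrator


def demo():
    """Run the attacker's probes through both handlers; returns the results."""
    probes = ["/pages/user.jsp", "/pages/admin.jsp", "/WEB-INF/config.jsp",
              "home", "admin", "../WEB-INF/config.jsp", "https://evil.example/"]
    return {
        "vulnerable": {p: forward_unvalidated(p, ALICE) for p in probes},
        "hardened":   {p: forward_hardened(p, ALICE) for p in probes},
    }


if __name__ == "__main__":
    for handler, results in demo().items():
        print(handler)
        for probe, (status, body) in results.items():
            print(f"  nav={probe!r:28s} -> {status} {body}")
```

The key design choice is that authorisation is evaluated on the forward target, not only at the entry point. An allowlist without the role check would still let alice pick nav=admin, and the role check without the allowlist would still let the client name arbitrary internal paths.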
URL Redirect and Forward are usually treated together as the "unvalidated redirects and forwards" class: a forward parameter that accepts an absolute URL is an Open Redirect in disguise, and the same fix (allowlist the destination, then authorise it) applies to both. It is recommended to read the previous article to know more about URL Redirection.